Should organizations like Dropbox and Google be employing two-factor authentication for users?

Passwords aren’t as secure as they used to be, and if someone gets your password, they can access your account with ease. Even having a strong password doesn’t completely protect you. Two-factor authentication helps solve this problem; hence, we should all be considering this method where the option exists.

Two-factor authentication is a simple feature, really. It requires both “something you know” (like a password) and “something you have” (like your phone). After you enter your password, you’ll get a second code sent to your phone, and only after you enter that will you be able to get into your account. Imagine the additional work that this extra factor would create for hackers. However, if you rely purely on password authentication, whether with a strong password of more than 12 characters or a weaker alternative, research conducted by Joseph Bonneau of the University of Cambridge has shown that you may have a problem that you need to be aware of. If a hacker manages to steal your login info and the said password, there’s as much as a one-in-two chance that they will have the key (or a close fit) to your other password-secured services. This is because a high proportion of people reuse their passwords on several different accounts.

Obviously, not reusing passwords, changing them every 90 days, and choosing uncommon combinations of 12 or more characters are ways to better protect your secure data assets. Two-factor authentication (verification), though, would really beef up your defenses, making unauthorized access difficult for thieves attempting to hack into your account with a password that they’ve stolen or bought online – and Dropbox provides this!
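The two-step login described above, sketched in Python as an added example (it is not Dropbox's or Google's code). The class name, the five-minute code lifetime and the three-guess limit are assumptions, and the code is handed back to the caller where a real service would text it to the phone.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300     # seconds a texted code stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong guesses allowed per code (assumed value)

class TwoStepLogin:
    """Hypothetical in-memory login service used only for this illustration."""
    def __init__(self):
        self.users = {}    # name -> (salt, password hash)
        self.pending = {}  # name -> [code, expiry time, guesses left]

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, self._hash(password, salt))

    def step1_password(self, name, password, now=None):
        """Something you know: check the password, then issue a one-time code."""
        now = time.time() if now is None else now
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[name] = [code, now + CODE_TTL, MAX_ATTEMPTS]
        return code  # stands in for the text message sent to the phone

    def step2_code(self, name, submitted, now=None):
        """Something you have: accept only the current, unexpired code, once."""
        now = time.time() if now is None else now
        entry = self.pending.get(name)
        if entry is None or now > entry[1]:
            self.pending.pop(name, None)
            return False
        if hmac.compare_digest(submitted.encode(), entry[0].encode()):
            del self.pending[name]  # a used code cannot be replayed
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[name]  # too many guesses: a new login is required
        return False
```

A stolen password gets an attacker through `step1_password` only; without the phone, `step2_code` fails, and the guess limit and expiry keep the six-digit code from being brute-forced.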

Best advice? If you are worried, change your password and, when you log in, opt to enable two-step verification using the interface below, which requires you to enter a cell phone number.

[Image: 2-step verification]

That way, you will know if anyone is trying to access your Dropbox files using your chosen password – and you can report the misuse violation to the service provider’s security before the cyber criminals can make off with your nuggets.

Basic password security is one of the fundamental precautions you can take to protect your business. Ten Rules of Information Security for the Smaller Business clearly and succinctly sets out the basic commonsense precautions which need to be taken by businesses in order to protect their information assets. This book offers invaluable advice to help you tackle information security with confidence.